flyctl build-secret cannot be multiline breaking necessary private key format

Arowana · December 13, 2022, 1:18am

In order to read private repositories at build time i need to provide a private key to the docker build command.

The docker build works on its own with the following command, to add a secret SSH_PRV_KEY which is an ed25519 private key file
DOCKER_BUILDKIT=1 docker build --secret id=SSH_PRV_KEY,src=id_ed25519

Following Build Secrets · Fly Docs I simply try to provide the secret

flyctl deploy --build-secret SSH_PRV_KEY=$(cat id_ed25519)

But this doesn’t work, the secret in the docker build ends up being only the first line of the private key file. As far as i know, i cannot alter the format of the private key to make it work.

Why is the --build-secret argument having such behaviour and should this be considered a bug?

ignoramous · December 13, 2022, 8:40am

If you can alter it, base64 the secret without wrapping lines?

And un-base64 it before reading it back.

Fly’s builders don’t use buildkit, btw. But if you need to, I guess you can build the docker image offline (on a AMD/Intel machine), you can later push it to Fly: Push to Fly.io image registry via Docker API - #2 by ignoramous

In case you didn’t know (and if it fits your needs):

flyctl deploy --local-only builds a docker image locally (as opposed to on a Fly builder) and deploys it to your app.
flyctl deploy --local-only --build-only builds the image locally and pushes it to Fly’s docker registry, which you can later deploy (docs).

Topic		Replies	Views
fly deploy --build-secret, passing a file Build debugging	3	47	February 27, 2025
Automating inclusion of build secrets Build debugging	6	93	January 14, 2025
Read fly secrets during Docker build Questions / Help	7	1209	January 3, 2024
Secret docker build arguments Questions / Help	4	2636	June 8, 2022
Build Time Secrets Questions / Help	5	1441	February 21, 2022

flyctl build-secret cannot be multiline breaking necessary private key format

Related topics